Making Your Mark on Check Point's CCSA Exam
Licensing, NAT and acronyms abound on Check Point's challenging but straightforward Certified Security Administrator NG exam.
by Don Jones
7/30/2003 --
Exam: #156-210: Check Point Certified Security Administrator NG
Vendor: Check Point
Status: Live. Available at Pearson Vue test centers worldwide.
Reviewer's Rating: "This exam is straightforward and fair for an experienced Check Point administrator."
Test Information: 75 questions, 90 minute time limit, 69 percent needed to pass. Cost: $150 (U.S.).
Who Should Take This Exam? Passing earns candidate Check Point's CCSA title, version NG
Check Point's Certified Security Administrator (CCSA) NG title is a vendor-specific
security credential focusing on the company's FireWall-1 and VPN-1 products.
In a marketplace that places an increasingly high value on security awareness
and credentials, this is an exam that experienced Check Point administrators
will definitely want to check out.
Exam Content
You'll need to pass only one exam to earn the title, 156-210. This exam
will set you back $150, and you'll have 90 minutes to answer 75 questions. You'll
need to get 69 percent of them correct to pass.
The questions are divided into six knowledge areas:
- VPN-1 / FireWall-1 Architecture
- SecPolicy, RuleBase, and PropSetup
- Advanced Security Policy
- Log Management
- Authentication Parameters
- Network Address Translation
Check Point's official objectives list isn't much more detailed than what's
outlined above.
If you're so inclined, you can sign up for optional instructor-led training
that covers the exam content in more depth. You'll be taking the exam at a Pearson
Vue testing center; it isn't offered through the Thomson Prometric channel.
The exam is designed for working Check Point administrators. With this in mind,
below I've detailed some content areas that you'll want to make sure you cover
in your studies, followed by my overall take on the exam, including some pitfalls
(and a bonus or two) to look out for.
Licensing
While none of the exam's six official categories mention licensing, license
management nonetheless stood out as a major component of the exam. I was asked
questions about the various ways to manage licensing, the type of licenses,
and so forth. I have mixed feelings about this. On one hand, license management
is certainly a major piece of the Check Point products. You can't possibly be
an effective administrator without understanding the ins and outs of licensing,
and that certainly makes licensing fair game for exam questions.
On the other hand, licensing has nothing to do with firewall or VPN servers.
Licensing is a completely artificial set of constraints that Check Point imposes,
and the fact that licensing is so important and complex as to warrant a handful
of exam items should be a heads up for Check Point's product developers. I'd
really like to see future versions of the products make licensing more intuitive
and less complex, so that more exam questions can focus on actual firewall management
and security issues, rather than license management.
Study Tip: Know the difference between Central and other types
of licensing, and how licenses are tied to products.
Network Address Translation
Network Address Translation (NAT) is a major component of most firewall products,
and you should expect to be heavily tested on your knowledge of NAT. FireWall-1
offers different NAT modes, such as Dynamic and Automatic. Check Point expects
certified administrators to know what each one does and when each one is the
appropriate solution: You'll be shown network diagrams and given a business
goal, and then asked to select the appropriate NAT configuration.
NAT, as you may know, is designed to translate private IP addresses on your
network into one or more public IP addresses on the Internet. NAT generally
works by dynamically modifying source port numbers in outgoing TCP and UDP packets;
replies can thus be sent back to the original computer by keeping track of those
port numbers. That's essentially how FireWall-1 works, although it offers quite
a bit of flexibility, and there are also other NAT modes (such as static and automatic).
Study Tip: Know why NAT is used and how it works. Also study
the differences between the NAT modes, particularly Dynamic NAT.
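The port-tracking behaviour described above, as an added example that is not from the original article and is not FireWall-1 code: a toy many-to-one translator that rewrites the source port of outgoing packets and uses its table to route replies back. The class name, addresses, port range and the rule that only the original peer may reply are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed documentation-range address


@dataclass
class HideNat:
    """Toy many-to-one NAT: rewrites source IP/port and tracks the mapping."""
    public_ip: str = PUBLIC_IP
    next_port: int = 10000  # assumed start of the translated port range
    out_map: dict = field(default_factory=dict)  # flow -> public port
    in_map: dict = field(default_factory=dict)   # (proto, public port) -> flow

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet, remembering the flow."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if (proto, flow) not in self.out_map:
            self.out_map[(proto, flow)] = self.next_port
            self.in_map[(proto, self.next_port)] = flow
            self.next_port += 1
        return (proto, self.public_ip, self.out_map[(proto, flow)], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the internal host; None means no state, so drop."""
        flow = self.in_map.get((proto, dst_port))
        if dst_ip != self.public_ip or flow is None:
            return None
        in_ip, in_port, peer_ip, peer_port = flow
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None  # packet is not from the peer this mapping was made for
        return (proto, src_ip, src_port, in_ip, in_port)


def demo():
    nat = HideNat()
    # Two internal hosts reuse the same source port toward the same server.
    a = nat.outbound("tcp", "10.0.0.5", 51000, "198.51.100.7", 443)
    b = nat.outbound("tcp", "10.0.0.6", 51000, "198.51.100.7", 443)
    reply = nat.inbound("tcp", "198.51.100.7", 443, PUBLIC_IP, a[2])
    stray = nat.inbound("tcp", "192.0.2.99", 4444, PUBLIC_IP, a[2])
    return a, b, reply, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The two internal hosts share one public address but get distinct translated ports, and the packet from an unrelated host is dropped because no table entry matches it.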
Authentication
Authentication stood out as a major, major piece of this exam. You may or may
not think that's fair; many of the FireWall-1 shops I've worked in don't bother
with authentication, and so there's a good argument that a qualified administrator
might not know much about it. Nonetheless, Check Point thinks you need to know
plenty about it in order to pass the exam, so if you haven't worked with authentication,
be sure to brush up.
FireWall-1 offers a bevy of authentication options, including transparent authentication,
user authentication, session authentication, client authentication and more.
Each of them works a bit differently, works with different protocols, and provides
a slightly different experience for end users. You need to understand how each
one is used, what protocols they're good with, and how each affects your network
users. Expect to be quizzed extensively on session, user, and client authentication
in particular. Questions range from business-issue questions like "which
authentication type would you select in such and such a situation," to
questions that ask you to select the statements which are (or are not) true
about a specific authentication method.
Study Tip: Make sure you know about transparent, client, user,
session and other types of authentication. Know how to turn them on, what
protocols they work with, and how users interact with them.
General Firewall
A smaller portion of the exam focuses on general firewall stuff, which is surprising:
I'd actually expected the majority of the exam to focus on creating policies
and rules and getting them arranged in the correct order. You'll find a few
questions like this, particularly ones that give a business goal such as allowing
all users to access a particular Web server.
You'll need to know quite a bit about how FireWall-1 inspects and applies rules.
Understand that, as with most firewalls, packets that aren't specifically permitted
by a rule are dropped (at least, by default), so the business of rule creation
is pretty much all about permitting the traffic you want.
Check Point also expects candidates for this certification to know about advanced
security policy. Here's where you'll really need to understand how FireWall-1
works. For example, do you know what happens to an Enforcement Module when its
Managing Server goes offline? Make sure you understand the complex interaction
between Check Point's software components, which bits handle which tasks, and
which ones rely on which other ones.
Study Tip: Know about hidden rules, cleanup rules and stealth rules.
Practice using them and understand how they work, what they do, and where
they fit into the product architecture.
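An added example (not from the original article, and not FireWall-1 code) of why rule order matters: rules are checked top-down, the first match decides, and anything unmatched is dropped. The rule names, addresses and services are constructed, and the stealth rule (drop traffic addressed to the firewall itself) and cleanup rule (final drop-everything rule) follow the usual meaning of those terms rather than anything this article defines.

```python
from ipaddress import ip_address, ip_network

FIREWALL = "192.0.2.1"      # constructed addresses
WEB = "192.0.2.80"
ADMIN_NET = "10.0.9.0/24"
ANY = "0.0.0.0/0"

# (name, source network, destination network, service or "any", action)
RULES = [
    ("admin-to-fw", ADMIN_NET, FIREWALL + "/32", "ssh", "accept"),
    ("stealth", ANY, FIREWALL + "/32", "any", "drop"),
    ("web", ANY, WEB + "/32", "http", "accept"),
    ("cleanup", ANY, ANY, "any", "drop"),
]
# Same rules with the stealth rule moved above the admin rule.
MISORDERED = [RULES[1], RULES[0]] + RULES[2:]


def evaluate(rules, src, dst, service):
    """Return (rule name, action) of the first matching rule, top-down."""
    for name, src_net, dst_net, svc, action in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and svc in ("any", service)):
            return name, action
    return "implicit", "drop"  # nothing matched: dropped by default


def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    hits = []
    for j, (name, src, dst, svc, _action) in enumerate(rules):
        for _n, e_src, e_dst, e_svc, _a in rules[:j]:
            if (ip_network(src).subnet_of(ip_network(e_src))
                    and ip_network(dst).subnet_of(ip_network(e_dst))
                    and e_svc in ("any", svc)):
                hits.append(name)
                break
    return hits


if __name__ == "__main__":
    print(evaluate(RULES, "10.0.9.4", FIREWALL, "ssh"))
    print(evaluate(MISORDERED, "10.0.9.4", FIREWALL, "ssh"))
    print(shadowed(RULES), shadowed(MISORDERED))
```

With the stealth rule placed first, the administrators' own access rule is shadowed and their connections are dropped, which `shadowed()` reports before the policy is installed.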
Management
FireWall-1 management is another important topic. You'll need to be thoroughly
familiar with the different tool sets, such as Smart Status, what each tool
offers, and how you can customize access permissions for each tool. For example,
do you know how to configure the product so that a security auditor can review
logged information and configuration settings, without being able to modify
them? Do you know what the various icons and symbols within the administrative
interfaces mean, and what actions you should take based upon that meaning?
Study Tip: Know the different management tools, how to control
access to them, and what each one offers. Know how to grant permissions within
the administrative tools.
Overall Take
My company, BrainCore.Net, specializes in IT exam development, so I always have
a slightly different viewpoint than most when I'm taking an exam. While the
technology being tested is always at the front of my mind, the exam itself is
also something I pay close attention to. Check Point has a pretty good exam,
although there were a few things you'll want to watch out for.
My biggest problem with the exam is the large number of "negatives"
I was asked: "Which of the following are NOT characteristics of the product,"
for example. I don't like these questions because they require you to do a bit
of mental gymnastics to get the correct answer. You have to read each answer
choice, decide if it's true or false, and then select the false ones. It'd be
much better if these could just be rephrased as, "Which of the following
ARE characteristics of the product," which would be a more straightforward
approach.
This exam is entirely multiple choice, and you'll see a large number of "choose
2," "choose 3" and "choose 4" questions. Be careful,
though: While some of the questions tell you that you're choosing 2 (or 3 or
whatever) answers, not all of them do so. Be sure to check the status bar at
the bottom of the window, which always tells you how many correct answers you're
supposed to be picking.
I also noticed a number of questions that were what the exam development industry
calls "enemies". These are questions which give away information from
another question. Because you can move back and forth between the questions
as you take the exam, you have the opportunity to learn something from one item,
and then backtrack to get a better shot at an earlier item. Check Point should
carefully review their item pool with some experienced administrators and try
to eliminate these enemies. While it's great news for you as a test-taker that
some questions will help give you the answers to others, it does nothing for
maintaining the value and validity of the exam and the CCSA credential.
On a more positive note, the exam I took had no pop-up graphical exhibits.
There were a few questions with network diagrams, but the diagrams were embedded
directly into the question. I really appreciate not having to mess around with
the multiple windows that Vue's exhibit viewer utilizes, and I wish more exam
vendors would take Check Point's approach of embedding smaller graphics right
within the question itself.
Overall, I found the exam to be pretty straightforward and fair for an experienced
Check Point administrator. There were only a handful of questions that relied
on information I could have memorized (like asking me to select the correct
definition for a term), and the majority of the items really do require a moderate
level of experience with Check Point's products. I was a bit disappointed at
the number of acronyms scattered throughout the exam; I'm not sure it's fair
to expect every experienced firewall administrator to remember Check Point-specific
acronyms like SIC, and your chances of passing the exam fall off considerably
if you don't know all of these acronyms.
The questions themselves are almost all very short, so this should be a pretty
stress-free experience. If you haven't worked with authentication or licensing,
make sure you focus your study and lab efforts in those areas, as they're heavily
tested and are the ones more likely for even an experienced administrator to
miss.
Don Jones is the owner and operator of ScriptingAnswers.com, a speaker at national technical IT conferences, and the author of nearly twenty books on information technology. His latest book is "Managing Windows with VBScript and WMI" (Addison-Wesley) and he's completing "Windows Administrator's Automation Toolkit" (Microsoft Press). You can reach Don at his Web site or at don@scriptinganswers.com.